How to run sudo command without a password on a Linux or Unix

Posted on in Categories , , , , , , last updated April 18, 2017

I‘m a new Unix system user. How do I use sudo command without a password on a Linux or Unix-like systems? I log in as tom@my-cloud-server-ip and disabled root login for ssh. After login, I need to run some commands as root user. I am the only sysadmin using my server. How do I run or execute sudo command without a password for a user named Tom under Debian/Ubuntu/CentOS Linux cloud server?

sudo (“superuser do”) is nothing but a tool for Linux or Unix-like systems to run commands/programs as another user. Typically as a root user or another user. You can delegate common tasks such as reboot the server or restart the Apache or make a backup using sudo for unprivileged users.

By default, sudo needs that a user authenticates using a password before running a command. Some times you may need to run a command with root privileges, but you do not want to type a password using sudo command. This is useful for scripting or any other purpose. This can be achieved by editing /etc/sudoers file and setting up correct entries. You need to consider any security consequence of allowing a sudo command execute without a password.

How to to run sudo command without a password:

  1. Backup your /etc/sudoers file by typing the following command:
    sudo cp /etc/sudoers /root/sudoers.bak
  2. Edit the /etc/sudoers file by typing the visudo command:
    sudo visudo
  3. Append/edit the line as follows in the /etc/sudoers file for user named ‘vivek’ to run ‘/bin/kill’ and ‘systemctl’ commands:
    vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill
  4. Save and exit the file.

How do I execute ALL sudo commands without password?

Type the following command as root user:
# visudo
Or
$ sudo visudo
Append the following entry to run ALL command without a password for a user named tom:

tom ALL=(ALL) NOPASSWD:ALL

Here is my sample config file:

Fig.01: How to execute sudo without password for tom user
Fig.01: How to execute sudo without password for tom user

Save and close the file. Now you can run any command as root user:
$ sudo /etc/init.d/nginx restart
$ sudo /sbin/reboot
$ sudo apt-get install htop
## get root shell ##
$ sudo -i

Please make sure only tom can login via ssh keys.

How do I test it?

Simply run /bin/kill to kill any process without a password:
[vivek@server ]$ sudo /bin/kill pid-here
OR
[vivek@server ]$ sudo /bin/systemctl restart httpd.service

For more info read man pages: sudoers(5),visudo(8)

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

13 comment

    1. Unfortunately the “standard” deployer for Rails, Capistrano, has a requirement that it never needs a password for anything. You have to set up everything to require keys so the deployer machine can connect to anything it deploys to, plus Git, without a password. Even though I’m logging on using a key in Ubuntu 14, Sudo is asking for a password and Capistrano keeps trying to enter a blank password.

    1. I would say this article has a sense.
      Let’s say you are working for nagios configuration and sometimes you need a script does some stuff with sudo rights and do not ask password (and do not require tty, which is not mentioned).
      It could be done as described in the article.

  1. In my experience with Unix and Linux where this helps give the operations/developers the tools they need to get the job done. It is not the most secure solution, but it is viable .. especially if you want to script something for an “application” user.

  2. If you are logged in as an admin user, I guess you will just need sudo password once per session. Turning off the password check is not a good idea, at least you will think once before doing something horribly wrong.

  3. Okay, scrap this lesson and instead teach this:

    sudo echo "#!/bin/bash" > /usr/bin/bsudo
    sudo echo "sudo $@" >> /usr/bin/bsudo
    sudo echo "sudo -K" >> /usr/bin/bsudo
    sudo chmod 550 /usr/bin/bsudo
    sudo chgrp users /usr/bin/bsudo

    Now, use bsudo instead of sudo and just change back to sudo after you understand basic security.

Leave a Comment